Exploring the Interrelations Between Safety and Security: Research and Management Challenges

This chapter discusses some of the research and management challenges related to the safety and security nexus. In the first part, we address the conceptual connections between safety and security and discuss how different perspectives on how they come together allows for characterizing the complexity and ambivalence of their interrelations. We then go on to identify tradeoffs between safety and security and show that these exist both in theory and practice. Managing both safety and security means tradeoffs and power relations between internal entities and professionals, but also beyond its own boundaries since some vulnerabilities escape the organization’s scope. In the final part of the chapter, we argue that addressing the interrelations between safety and security poses managerial and research challenges that call for global approaches to apprehend the multiple facets of the issue. We explain that little has been done on how the global trends of the risk society bring with them unanticipated and “hidden” effects on organizations safety and security practices and that it is here, as a macro-global oriented approach to organizational safety and security research, that the two fields of safety and security confront a shared research agenda.

it mean that safety and security become mixed in the management of hazardous technologies and activities? Despite their apparent or intuitive proximity when considered conceptually, safety and security reveal some nuances and differences when leadership and practices are analyzed [1]. Technologies and activities also differ in the number and types of threats and hazards they have to deal with. Answers to the question are thus more complex than the initial conceptual similarities indicate. Looking at synergies and tensions between the two, in this final chapter, we come back to some main insights derived from the previous chapters and discuss challenges of addressing such a multi-faceted issue from both research and management viewpoints.

Implications of Definitions
From both a research perspective and an angle of management, defining safety and security seems a natural place to start in order to address their interrelations. Many seem to expect a unified understanding of definitions. This could allow both different scientists and practitioners across sectors to "speak the same language", in order to better understand each other and work together. However, merely based on the various outlooks represented in this book, conceptual agreement is easier said than done. Brooks and Cole (this volume) also identify clear distinctions in the underlying body of knowledge between the safety and security professions, even though some overlap exists around the management of risks. Perhaps shared definition is not a sensible goal to pursue at all, as safety and security knowledge vary to a large degree depending on, among other, hazards/threats, disciplinary approach, regulatory context, and practice.

Defined as What We Want to Prevent
Both safety and security are seen as the freedom from harm. Indeed, when successful as management strategies, both safety and security lead to prevention or minimized unwanted consequences for people, the environment, and/or property. In other words, both share a common goal in loss prevention. However, when focusing on unwanted events and the associated causal factors that are eliminated and constrained, safety and security differ. In all the chapters, it is acknowledged that the involvement of human intent as a cause marks an important difference in how events are considered, managed, and prevented, justifying a clear distinction between safety and security. Although here again, there are some nuances. Where Blokland & Reniers, Leveson, Bongiovani, and Boustras (this volume) put intentionality forward as the main distinction, Jore, Brooks & Cole, Wipf, and LaPorte (this volume) are more nuanced, arguing that the difference is most clearly defined by malicious intent or the "primacy of hostile intent" (Schulman this volume) as a criterion for a security event.

Risk as an Overarching Framework for Management
According to Leveson and Bongiovanni (both this volume), conceptual exercises around the terms safety and security are not what really matters. In Leveson's approach (this volume), safety and security are both considered as sources of a system's loss of control, with no need for any distinction in the way they are considered and managed. Security events have an equivalent status to that of technical failure or human error. In this approach, the theoretical, methodological but also practical consequences of considering both safety and security are minimized. The two aspects smoothly combine by adding security threats to safety hazards and the associated failure scenarios to that already identified in a safety risk analysis. Eventually, from system engineering and design thinking perspectives, or more specifically, from the perspective of how to design controls in a system, addressing safety and security together and in the same way, seems natural and achievable. However, defining both safety and security as a dynamic control problem is a way of framing the issue of their interrelations that makes the solution already available and implemented for safety applicable to security as well. As stated during the workshop, we must be careful of "defining the problems based on our solutions".
Blokland and Reniers (this volume) apply a broadly used definition of risk as a reference to define safety and security. A key challenge in the movement from safety/security to risk is that both safety and security may improperly communicate an absolute degree of freedom from risk that is not implicit in risk science [2]. Many of the biggest safety and security risks we currently face are, although different in their causes, all products of human activities seen as being necessary. Thus, risks emerge from activities that we have to or want to undertake and cannot be "managed away" by science. Political demands for both safety and security may confuse both the politicians themselves and regulators, creating unrealistic and unwarranted expectations for action. The margins of error may be changed but the risk will remain as long as the activities continue. This has influenced and broadened approaches to uncertainty in risk research [3]. A significant issue for the assessment and management of risks is whether uncertainty is positive or negative. For example, in terms of nuclear power plants or airlines, is it good or bad to have uncertainties? Is it different depending on threats and hazards? A growing body of work has acknowledged that uncertainty plays a significant role in our understandings of safe and secure systems and societies [4][5][6]. In addition, how much an activity means for us is strongly associated with our judgment as to whether the risk is worth taking [7]. Consequently, both the risk appraisal and risk management of threats and hazards are influenced by individual and social factors. For situations where there is a rise in demand for safety and security, such as after a major disaster or a terrorist attack, we should expect the perception of risks to be amplified and standards to become more stringent than compared to direct estimation. However, for situations where demands for safety and security are low, such as for activities that produce large short-term ben-efits where consequences are uncertain, for example, mobile digital communication technologies, we can expect risks to be attenuated and standards to be more relaxed [2,8].

In Safety We Trust, in Security We Distrust
Security management, whether through its interrelations with safety or not, induces some organizational challenges from both a research and a practical viewpoint. Whereas safety, at least in principle, has reached a state where openness and sharing of information are acknowledged as criteria of improvement, security is rather a world of secrecy, both for attackers and for the potentially targeted organizations, which avoids increasing their vulnerability by unveiling characteristics. One of the categories of security threats that have received increased attention is insider events, as sadly illustrated by the Germanwings catastrophe in 2015 where the crash was caused deliberately by the co-pilot. The possibility of having employees that are on the one side trusted for their contribution to safety and at the same time distrusted as potential security threats represents a challenge for organizations [1], both conceptually and in practice as advanced by Jore (this volume) on the relevance of how to develop a security culture in organizations. Moreover, gaining access to the field for researchers, or even exchanging information with experts, becomes a challenge as soon as security is involved.
Consequently, addressing the interrelations between safety and security is not as simple as "mixing" the two using a broad risk approach or extending the scope of existing either safety or security approaches. As illustrated by Schulman (this volume), security involves vulnerability variables that are outside the boundaries of organizations. This observation has several implications: practical and managerial ones within an organization, but also methodological when it comes to describing, analyzing, and understanding the interrelations between organizations and their increasingly global environment. Addressing the interrelation between safety and security thus requires some caution not to be blinded by conceptual elegance or methodological solutions already available.

Tradeoffs Between Safety and Security
Exploring the synergies and tensions between safety and security allowed for recognizing the respective professions associated with safety and security, the resources that they both strive for, and lastly some conceptual and methodological rivalry between scientific frameworks and communities. These issues highlight the point that although organizations need a degree of both safety and security, there may be some important tradeoffs between them.
The security world, in terms of the industries, the actors, and the tasks involved, has significantly changed. "It used to be a police concern, classified information (…). Today, security is something a lot of people are doing (private companies, civil society…). It encompasses the security guard at the hotel, at the airport" (Jore, this volume) as well as others like the corporate security officers in companies. The spreading of security as an activity has been accompanied by the structuring of security as a profession (Jore, this volume), with tasks, underlying body of knowledge, and professional communities distinct from safety (Brooks & Cole, this volume). With security becoming an increased concern for hazardous industries, safety and security are now more than ever competing within organizations in terms of attention, resources, and power. As advanced by LaPorte (this volume), the form these managerial challenges can take depends on the historical path of the organization with respect to safety and security. Particularly, challenges are formed by which one existed first in the organization and what mix is already established. Introducing a new management function, whether safety or security, involves allocating dedicated resources that may also change the existing power balance and share of voice between the respective functions within organizations.
Beyond these areas of potential tension, the apparent proximity between safety and security can make it tempting for researchers to extend the scope of concepts and methods from one area of expertise (whether safety or security) to the other. As an illustration, one can take the evolution of the European Commission's research agenda for aviation. Safety was historically the core topic of the Advisory Council for Aviation Research and innovation in Europe (ACARE). Over the past few years, the safety working group has become the Safety and Security working group, and the 2017 version of the Strategic Research and Innovation Agenda 1 deriving from the ACARE vision includes a large security section with a research budget emphasizing security. Although safety and security are close enough to appear in a shared research agenda, the intersection between safety and security is still largely addressed by experts in one or another domain, using concepts, theories, and methods coming from either safety or security. What we may be forgetting, ironically enough, is that doing so leads to transferring not only research approaches but also their (tacit) foundational premises that often remain implicit. For example, safety strives for everybody within the organization sharing information. Also, safety research is based on many well-developed researcher-practitioner collaborations. Looked through a security lens, the same premises do not seem to be considered foundational. Consequently, although transferring and adapting safety approaches to security may be tempting, understanding the underlying premises may be essential for this work to be successful. Of course, a parallel rationale applies for the opposite move from security to safety.

The Societal Convergence of Safety and Security
Returning to the chapters of the book, this volume shows that the management of safety and security in organizations is not isolated from social expectations and societal changes. As stated by Brooks and Coole (this volume, p. 64), "society becomes more complex and its members more risk averse", whether the risk is associated with safety or security. Whereas the level of safety and security has increased over time, perceptions of risk have evolved differently [9], and overall acceptability of risk has decreased. The safest assumptions for the future seem to be that technology but also society will increase in complexity, uncertainty will abound, and new vulnerabilities will emerge. We believe that safety and security in organizations are not disconnected from the wider patterns of neo-liberal influence [10] characterized by extensive deregulation, privatization, and outsourcing. Today individuals have a lot more objectives and a lot more to lose than in the past, while at the same time their trust in institutions has decreased. These developments of the risk society are quite well described within European sociology [11] and in risk research [12]. Also, there are some issues that we can associate with the risk society thesis that have been picked up by safety and security research. One such issue is the acknowledgment that it is impossible to anticipate and control everything a priori and that other (complementary) strategies are needed. This line of thought recognized and addressed by HRO theory [13] in the late 80s and early 90s, the mindful organizing developments [14] and the resilience engineering research strand more recently [15], challenge management models based on logics of hierarchical control and converge on shared issues such as: How to be prepared to be surprised? How to manage the unexpected? What would it take to acknowledge uncertainty and evolve accordingly at a societal level, but also at the various organizational levels? However, as several scholars have already pointed out in relation to safety [10,16], little has been done on how the global trends of the risk society bring with them unanticipated and "hidden" effects on organizations' safety and security practices. It is perhaps here, as a macro-global approach to organizational safety and security research, that the two fields more fully confront a shared research agenda and to which several of the authors in this volume propose key contributions. For example, LaPorte (this volume) provides an interesting angle in the obligations of leadership to reach beyond the boundaries of their own organizations to avoid the "thinning of watchfulness", "assure organizational and public understanding of safety and security stewardship roles and their fundamental contributions" as well as to "enhance a sense of honor and resources-beyond operational costs-for safety and security stewards" (p. 84). The theoretical developments in safety science during the 90s [17][18][19] underlined the impact of organizational and institutional aspects, with timeframes that went significantly back in time and upstream from operations. With security, threats such as terrorist attacks may for both explanatory and protective purposes have to be related to even longer-developing phenomena, such as radicalization as advanced by Boustras (this volume), with timeframes that go beyond technological design, organizational decisions, regulations, and laws.

Developing a Global Approach to Organizational Safety and Security Research
As indicated by several of the considerations in this volume (Schulman, Boustras), if we are to develop a global approach to study organizations, we need to consider different scales at the same time. Even more so, the range of scales needed to understand the interactions between safety and security may be even greater than when addressing safety or security alone. Pettersen and Bjørnskau [1] pointed at the impact of EU security regulations on aviation organization employees' working conditions and influence on safety in the field. Schulman (this volume) underlines the limitations of focusing exclusively on organizations when addressing security, for these organizations have little if any control on external vulnerability variables. Also, Boustras (this volume) discusses the need for multiple scales related to the link between radicalization as an international issue and workplace risks at an individual level. Conversely, with ever more interconnected systems and critical infrastructures, an individual malevolent act can have significant worldwide safety consequences, either direct, indirect, or both. These interactions between phenomena and actors at very different levels raise questions. For example, what is the motivation (even before the question of the means) for a company to prioritize and dedicate its own resources to preventing a malicious attack that may be high on the agenda as societal issues but with a very low probability for incidents in a specific company? Also, in the example of the Brussels airport attack in 2016, for example, the Head of Brussels airport security reported that members of his crisis team had a hard time getting to the crisis room from outside the airport for security at the site was under government responsibility. The scope of responsibility and leeway to manage safety, security, and their interrelations during a crisis is thus another issue. In addition to the challenge of multiple scales, another issue is the need to address a multitude of actors at the same time, as well as being clear on what actors and at which levels research will be conducted. Taking a macro approach also suggests the inclusion of actors that are not so commonly considered in safety and security research. For example, Brooks and Cole (this volume), by addressing synergies and tensions through the lenses of the associated safety and security professions, suggest that both these distinct professional communities need to be considered as such. Likewise, as illustrated by Wipf (this volume), the attacker, that doesn't "exist" as such from a safety viewpoint, becomes an actor to be considered. Another actor suggested by Bongiovanni (this volume) to be considered is the end-user. Although central to the design thinking approach through which he looks at safety-security convergence, the passengers are largely absent from safety management approaches within aviation.
As a final remark, relevant empirical descriptions of how global trends bring with them unanticipated and "hidden" effects on organizations' safety and security practices are still few. Part of the reasons may be the research environment that needs to be created to have access to security-related aspects, or the tradeoffs between safety and security research topics and communities. Others may be, as discussed above, related to the challenges of addressing multiple scales, dimensions, and aspects. In order to minimize "biases", empirical research would best be framed and conducted by research teams involving both safety and security researchers. Bringing them together will (hopefully) allow for better definitions of scales, timeframes, and actors that are relevant for revealing how global trends bring with them unanticipated and "hidden" effects on organizations' safety and security.
Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.